package com.doge.config.realm;

import com.doge.bean.auth.MarketToken;
import com.doge.bean.pojo.admin.Admin;
import com.doge.bean.pojo.permission.Permission;
import com.doge.bean.pojo.permission.PermissionExample;
import com.doge.mapper.PermissionMapper;
import com.doge.util.auth.GetSubject;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import java.util.Arrays;
import java.util.HashSet;
import java.util.List;

/**
 * @program: doge
 * @description:
 * @author: Keyu Li
 * @create: 2021-12-01 19:27
 **/

/*
* AuthorizingRealm：同时提供 认证 + 授权 的realm
* SecurityManager 配置的 realms 提供给 默认的 认证器&授权器，然后认证器&授权器执行override的两个方法。
* */
@Component
public class AdminRealm extends AuthorizingRealm {

    /*
    * 提供认证信息：
    * */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        MarketToken token = (MarketToken) authenticationToken;
        // token里面一定是有 admin 的
        Admin admin = (Admin) token.getUser();
        String credential = admin.getPassword();
        // 与token中的密码进行比对(自动)，返回 AuthenticationInfo
       return new SimpleAuthenticationInfo(admin,credential,this.getName());
    }


    /*
    * 提供授权信息：把所有 授权 都找出来
    *   modularRealmAuthorizer.isPermitted(PrincipalCollection principals, Permission permission)
    *           --> realm.isPermitted(principals, permission)
    *           --> authorizingRealm.getAuthorizationInfo(principals)
    *           --> adminRealm.doGetAuthorizationInfo(principals)
    * */

    @Autowired
    PermissionMapper permMapper;
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("ADMIN REALM doGetAuthorizationInfo");
        // 获取当前用户的权限
        Admin admin = GetSubject.getAdmin();
        List roleIds = Arrays.asList(admin.getRoleIds());
        PermissionExample permExample = new PermissionExample();
        permExample.createCriteria().andRoleIdIn(roleIds).andDeletedEqualTo(false);
        List<Permission> permissions = permMapper.selectByExample(permExample);
        // 将所有 permission 放入一个 set 当中
        HashSet<String> permSets = new HashSet<>();
        for (Permission permission : permissions) {
            permSets.add(permission.getPermission());
        }
        // 放入permission
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addStringPermissions(permSets);
        return authorizationInfo;
    }
}
